Part II : Identifying and Disabling Stale Computers [ http://ande.in ]

Using the table we created in Part I, we identify the computers whose password age and lastLogonTimestamp age are both greater than 60 days, and disable them.

Stale computers can be identified based on their password age and LastLogonTimeStamp.

Go Further :

Machine Account Password Process

“The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”

SQL Query to find Stale Computers

Note : Change the following names in the script

Standard Disabled OU [Default : ande.in/Disabled]

SQL_Server_Name

SQL_DB_Name

SELECT Name FROM AD_Data WHERE ParentContainer != 'ande.in/Disabled'
AND ((pwd_age >60 and llts_age >60) or (pwd_age >60 and llts_age is null))
AND Name NOT IN (SELECT name FROM AD_Data GROUP BY Name HAVING ( COUNT(Name) > 1 ))

PowerShell script to identify and disable stale computers. It excludes the standard Disabled computers OU.

# Load the Quest ActiveRoles cmdlets (Get-QADComputer, Disable-QADComputer)
Add-PSSnapin Quest.ActiveRoles.ADManagement
# Log file named after the current date (day, month, year)
$LogName_Stale_60 = Get-Date -UFormat "C:\Log_%d%m%Y.log"
######################
$Date_Stale_60 = Get-Date
echo "$Date_Stale_60 : Disabling Stale Computers in Active Directory....." | Out-File -Append -FilePath $LogName_Stale_60
######################
##### Get computers with password age and last logon > 60 days from SQL
##### (skips the Disabled OU and any computer name that appears more than once)
$SqlQuery_Stale = "SELECT Name FROM AD_Data WHERE ParentContainer != 'ande.in/Disabled'
AND ((pwd_age >60 and llts_age >60) or (pwd_age >60 and llts_age is null))
AND Name NOT IN (SELECT name FROM AD_Data GROUP BY Name HAVING ( COUNT(Name) > 1 ))"
###
# Connect with the Windows identity running the script (Integrated Security)
$SqlConnection_Stale = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection_Stale.ConnectionString = "Data Source=SQL_Server_Name;Initial Catalog=SQL_DB_Name;Integrated Security=TRUE;"
$SqlCmd_Stale = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd_Stale.CommandText = $SqlQuery_Stale
$SqlCmd_Stale.Connection = $SqlConnection_Stale
$SqlAdapter_Stale = New-Object System.Data.SqlClient.SqlDataAdapter
$SqlAdapter_Stale.SelectCommand = $SqlCmd_Stale
$DataSet_Stale = New-Object System.Data.DataSet
# Fill returns the row count; discard it so it does not end up in the output
$SqlAdapter_Stale.Fill($DataSet_Stale) | Out-Null
$Stale_Computers_60 = $DataSet_Stale.Tables | Select-Object -Expand Rows
$SqlConnection_Stale.Close()
##
# Disable every computer account returned by the query
foreach ($Computer_60 in $Stale_Computers_60)
{
Get-QADComputer -Name $Computer_60.Name | Disable-QADComputer
}
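
A dry run of the staleness rule from the query above, reporting for each computer whether it would be disabled and why, before anything is changed in Active Directory. This is an added example, not part of the original script; the function Get-StaleDecision, its parameters, the 50% safeguard and the sample rows are assumptions made for illustration.

```powershell
# Added example, not the original script. Column names come from the query above;
# Get-StaleDecision, its parameters and the sample rows are constructed.
function Get-StaleDecision {
    param([object[]]$Rows, [int]$MaxAgeDays = 60, [string]$DisabledOU = 'ande.in/Disabled')
    # Names that occur more than once are never touched (the NOT IN ... HAVING COUNT(Name) > 1 clause).
    $duplicates = @($Rows | Group-Object -Property Name |
        Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })
    foreach ($r in $Rows) {
        # SQL NULL arrives as [DBNull]::Value from a DataSet and as $null in hand-built rows.
        $noLogon = ($null -eq $r.llts_age) -or ($r.llts_age -is [System.DBNull])
        if ($r.ParentContainer -eq $DisabledOU)                 { $skip = 'already in the Disabled OU' }
        elseif ($duplicates -contains $r.Name)                  { $skip = 'duplicate name, needs manual review' }
        elseif ($r.pwd_age -le $MaxAgeDays)                     { $skip = 'machine password changed recently' }
        elseif (-not $noLogon -and $r.llts_age -le $MaxAgeDays) { $skip = 'logged on recently' }
        else                                                    { $skip = $null }
        if ($skip)        { $action = 'Skip';    $reason = $skip }
        elseif ($noLogon) { $action = 'Disable'; $reason = "pwd_age $($r.pwd_age), no logon recorded" }
        else              { $action = 'Disable'; $reason = "pwd_age $($r.pwd_age), llts_age $($r.llts_age)" }
        [pscustomobject]@{ Name = $r.Name; Action = $action; Reason = $reason }
    }
}

# Constructed sample rows standing in for the AD_Data table from Part I.
$rows = @(
    [pscustomobject]@{ Name='PC-001'; ParentContainer='ande.in/Workstations'; pwd_age=95; llts_age=90 }
    [pscustomobject]@{ Name='PC-002'; ParentContainer='ande.in/Workstations'; pwd_age=95; llts_age=$null }
    [pscustomobject]@{ Name='PC-003'; ParentContainer='ande.in/Workstations'; pwd_age=95; llts_age=10 }
    [pscustomobject]@{ Name='PC-004'; ParentContainer='ande.in/Workstations'; pwd_age=12; llts_age=80 }
    [pscustomobject]@{ Name='PC-005'; ParentContainer='ande.in/Disabled';     pwd_age=200; llts_age=200 }
    [pscustomobject]@{ Name='PC-006'; ParentContainer='ande.in/Workstations'; pwd_age=95; llts_age=90 }
    [pscustomobject]@{ Name='PC-006'; ParentContainer='ande.in/Servers';      pwd_age=3;  llts_age=1 }
)

$plan      = Get-StaleDecision -Rows $rows
$toDisable = @($plan | Where-Object { $_.Action -eq 'Disable' })
$plan | Format-Table Name, Action, Reason -AutoSize

# Added safeguard (assumption, not in the original): stop if the share of machines to be
# disabled is implausibly high, for example because the Part I import is out of date.
$maxShare = 0.5
if ($toDisable.Count -gt $maxShare * $rows.Count) {
    Write-Warning "Refusing to continue: $($toDisable.Count) of $($rows.Count) computers selected."
} else {
    # After review, this is where the original loop's Disable-QADComputer call would run.
    $toDisable | ForEach-Object { "Would disable $($_.Name): $($_.Reason)" }
}
```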
Published Wednesday, March 31, 2010 5:21 AM by andersonk
